From 164ba78c81eaa4d294561dca558486c5a7899914 Mon Sep 17 00:00:00 2001
From: Stefan Zermatten
Date: Mon, 12 Mar 2018 09:22:04 +0200
Subject: [PATCH] Added blacklist checks and rate limit logging Needs testing
---
 rpg-docs/Model/Meta/Blacklist.js | 9 +++++++++
 rpg-docs/Routes/API.js | 6 +++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 rpg-docs/Model/Meta/Blacklist.js
diff --git a/rpg-docs/Model/Meta/Blacklist.js b/rpg-docs/Model/Meta/Blacklist.js
new file mode 100644
index 00000000..221c64ec
--- /dev/null
+++ b/rpg-docs/Model/Meta/Blacklist.js
@@ -0,0 +1,9 @@
+Blacklist = new Mongo.Collection("blacklist");
+
+Schemas.Blacklist = new SimpleSchema({
+ userId: {
+ type: String,
+ },
+});
+
+Blacklist.attachSchema(Schemas.Blacklist);
diff --git a/rpg-docs/Routes/API.js b/rpg-docs/Routes/API.js
index 451ac2ee..df167870 100644
--- a/rpg-docs/Routes/API.js
+++ b/rpg-docs/Routes/API.js
@@ -33,6 +33,7 @@ var ifKeyValid = function(apiKey, response, callback){
 response.writeHead(403, "API key is invalid");
 response.end();
 } else if (isRateLimited(apiKey)){
+ console.log(`Rate limit hit by API key ${apiKey}`);
 response.writeHead(429, "Too many requests");
 response.end();
 } else {
@@ -42,7 +43,10 @@ var ifKeyValid = function(apiKey, response, callback){
 };
 var isKeyValid = function(apiKey){
- return !!Meteor.users.findOne({apiKey});
+ var user = Meteor.users.findOne({apiKey});
+ if (!user) return false;
+ var blackListed = Blacklist.findOne({userId: user._id});
+ return !blackListed;
 };
 var rateLimiter = new RateLimiter();
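Review bot: The `userId` field in Schemas.Blacklist accepts any string, and nothing makes it unique or indexed, although isKeyValid in Routes/API.js looks it up on every API request. Constraining it with `regEx: SimpleSchema.RegEx.Id` and adding an index on `userId` would keep that lookup cheap and prevent duplicate entries; how the index is declared depends on the collection2 version in use, which the patch does not show. No allow/deny rules or methods for this collection are visible here, so it is worth confirming that only trusted server code can insert or remove entries. A short header comment such as `// A document in this collection denies API access for the given userId` would record the intent.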
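Review bot: The added `console.log` writes the complete API key into the server log, so anyone with log access (or any log shipping destination) obtains a working credential; on this branch the key appears to have already passed the validity check, though the `if` condition itself lies outside the hunk. Log a non-secret identifier instead, such as the owning user's `_id` or only a short suffix: `console.log("Rate limit hit by API key ending in " + String(apiKey).slice(-4));`. ifKeyValid starts and ends outside this hunk.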
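Review bot: isKeyValid passes `apiKey` straight into the `Meteor.users.findOne` selector without checking that it is a non-empty string. Where the value comes from is not visible in this hunk, so if it can arrive as undefined or as an object parsed from the request, the selector may match documents the key check never intended. Adding `if (typeof apiKey !== "string" || !apiKey) return false;` as the first line of the function closes that off. Both lookups only test existence, so passing `{fields: {_id: 1}}` to each `findOne` keeps the cost of the two queries per request down, which matters because rejected keys appear to be turned away before `isRateLimited` is consulted.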